I've just checked my httpd accesslogs and found that my Polytech's
server has been subjected to the cgi-bin/phf hack too. As far as I
can tell, no damage was done, though the hackers tried to :
- Kill processes on the server
- Reboot the server
- Create user accounts
- View the passwd file
- delete files
The attacks have come from various places and I've emailed the site
admins, it will be interesting to see what kind of response I get.
Lets just hope that the response is better than the one AOL gives :-)
NB : All opinions expressed, spelling and grammatical errors are mine and not my employers.